I placed a bug RFE for this, but was also hoping to "stir up" some interest here in these forums.

Basic overview/premise:
Since Zimbra has made a strategic partnership with ProofPoint to provide Encryption services, I believe it would be in VMWare/Zimbra's interest to provide direct integration with ProofPoint's encryption software. That is, work with ProofPoint to directly integrate their product into the server install, much like with A&D. This provides for a quick, out-of-the-box solution without the need to setup additional software or appliances, it would simply work on the same box that Zimbra runs on. Furthermore, I could also see the benefit of integrating the management side of ProofPoint's encryption software with Zimbra. This will then provide for a single point of manageability.

Bottom line: Integration of Zimbra + ProofPoint will make for much easier management and less topological outlay. For those with multiple servers in a cluster, the encryption could be installed on all devices with an MTA and still be beneficial.

are there some integration and architectural docs on this? Should Proofpoint be deployed in front of MTAs or is it hooked to mail delivery the way spamassasin/clamav is? As I understand, the administration of PPoint is integrated into ZCS admin console..

Will Proofpoint be purchased through WMvware/Zimbra channels or will one have to buy that directly from Proofpoint.

Thanks
Jure

12-10-2011, 11:32 PM

cyberdeath

Quote:

Originally Posted by juresimsic

Hi,

are there some integration and architectural docs on this? Should Proofpoint be deployed in front of MTAs or is it hooked to mail delivery the way spamassasin/clamav is? As I understand, the administration of PPoint is integrated into ZCS admin console..

Will Proofpoint be purchased through WMvware/Zimbra channels or will one have to buy that directly from Proofpoint.

Thanks
Jure

Hi Jure,

I have not been able to find any decent integration and architectural docs besides the installation manual that was provided to me when I had initially shown interest. Let me know if you (or anyone else) would like a copy to look over. Maybe a ProofPoint engineer can also chime in on this question and the statements made lower (especially as it pertains to compatibility with PostFix).

ProofPoint prefers that installers use their appliance to deploy the software (virtual & physical options available). However, they also offer a milter filter that is (allegedly) only compatible with sendmail. This means you will need to install sendmail separately and have Zimbra use sendmail as the MTA Relay (which is inefficient at best and they do not support this implementation being on the same server at this time, either). I find it hard to believe that it won't work with PostFix unless it is truly making some very specialized calls/controls. Unfortunately, I do not have access to their product to test it out in a sandbox environment. As far as purchasing software, you have to go directly to ProofPoint at this time.

They also say that ProofPoint is directly integrated...but, in my opinion, integrated means "part of the installation package" or, at the very least, an easy add-on and not a separate product. Many companies that offer the same service do it the exact same way that ProofPoint does by offering an appliance that acts as the MX gateway. While that's all fine and dandy, I believe the best solution is to have it housed under one box with easy administration directly integrated.

To me, that was the deal breaker because it made their product just like everyone else's. I wanted direct integration. Hopefully this will someday be possible...and when it is, we may reconsider them.